The Hacker News — Cyber Security, Hacking, Technology News

The #OpUSA campaign has officially started. The day has come: today, May 7, as announced by Anonymous, a coordinated online attack will hit banking and government websites. The announcement by the popular hacktivist group is causing great concern among the US security experts in charge of defending the potential targets.

The message sent by Anonymous to US authorities is eloquent: “We Will Wipe You Off the Cyber Map”.

The hacktivists participating in the OpUSA campaign are protesting against the policy of the US Government, which they blame for committing war crimes in foreign states and in its own country.

"Anonymous will make sure that's this May 7 will be a day to remember. On that day anonymous will start phase one of operation USA. America you have committed multiple war crimes in Iraq, Afghanistan, Pakistan, and recently you have committed war crimes in your own country,"

It is the second time that the collective has threatened the central government of a “big” state; in recent months it was Israel's turn, during the #OpIsrael campaign.

In early May the DHS issued an alert on the announced OpUSA attacks, which will target US government and financial institutions. The key findings of the warning follow:

“On 7 May 2013, a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign known as “OpUSA” against websites of high-profile US Government agencies, financial institutions, and commercial entities. The attacks likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation. Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate an anti-US message.”

According to security experts, the ongoing coordinated DDoS attacks against US organizations could have a greater impact than those of the #OpIsrael campaign because the U.S. Internet infrastructure is much more dynamic; the Israeli Internet pipeline is much easier to control and close, according to Marc Gaffan, co-founder of online security provider Incapsula.

Ronen Kenig, a researcher at security firm Radware, said that monitoring of online forums indicates that the groups involved in the attacks will be the same ones that participated in the #OpIsrael campaign.

“What we know from some of the information that has been shared in forums and other communication channels is that this is going to be very similar to what we saw in Operation Israel,” “The same groups are involved.”

The advance announcement of such attacks gives security experts the opportunity to arrange a mitigation strategy to protect the targets from the offensive; security teams are monitoring Internet traffic to identify anomalous traffic.

On April 24th Anonymous published a Pastebin post listing the possible targets of the #OpUSA campaign, including the White House website, at least 8 federal government websites and hundreds of U.S. banking institutions.

Security experts are not underestimating #OpUSA, to avoid making mistakes; the targeted organizations represent the financial backbone of the USA and have made meaningful investments in security to be prepared for the attacks.

The real problem, in my opinion, is that hacktivism is not a negligible phenomenon; the various collectives are improving their capability to coordinate their operations on a global scale, getting more organized and more unsettling.

The principal problems with #OpUSA concern minor financial institutions that may not be prepared for the cyber attacks, and according to many security experts government offices could also suffer similar offensives.

Among the principal concerns of security experts is the participation in #OpUSA of the hacker group dubbed Izz ad-Din al-Qassam Cyber Fighters, which has taken credit for the series of DDoS attacks against U.S. banks in the past eight.

The hacktivists share the same ideology as the Anonymous collective and the same smoldering anger against American policy.

Dan Holden, an expert at DDoS-mitigation provider Arbor Networks, commented on the possible involvement of Izz ad-Din al-Qassam Cyber Fighters with the following words: “However, the one thing that does lead me to think it’s possible would be the much larger impact the attack would have with their involvement,”

“I would say that if they do become involved, that the likelihood of the attacks being successful goes way up,” Holden adds. “OpIsrael didn’t seem to have a ton of impact, but the defensive capability outside of the banks is likely to be less, and therefore this could be used as an excuse by QCF [Izz ad-Din al-Qassam Cyber Fighters] to expand their efforts and realize a win, so to speak, given the dwindling effect many of their attacks have had lately.”

Fortunately for the targets, according to a statement published a few hours ago, the hackers say they are pausing Operation Ababil and will not take part in #OpUSA this week.

“As was specified in the previous statements, al-Qassam Cyber Fighters's purpose of DDoS attacks to American banks is to convey the voice of objection of Muslims towards religious and Islamic sacrilege, to the politicians, statesmen and people of America and the world,”

“Our will is to remove the links which entails illegitimate attributions to prophet of Islam(pbuh) from the Internet. Whilst respecting nations, we ask all to preserve the limits of religious sanctities and divine religions,” they added.

“Due to the simultaneity of OpUSA with Operation Ababil, and to abstain from ambiguity in the intentions of our operation, this week we will not run any attack and so Operation Ababil will be paused during May 7-9th.”

What should we expect from OpUSA? According to a post published by Radware in April, the principal methods of attack will include:

Using common vulnerabilities to perform web site defacement and private information leakage from backend data sources.

Consumption of web server resources using “Low and Slow” attack tools such as Slowloris, Pyloris, R.U.D.Y – note that these attacks were shown to be using HTTPS as well as HTTP protocols.

If groups similar to Izz ad-Din al-Qassam cyber fighters join the attack campaign, we may also expect distributed attacks originating from dedicated attacking servers. These attacks could cause huge traffic peaks and will be harvesting the power of server based botnets such as Brobot (aka Itsoknoproblembro).
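As an added example (not from the original article or the Radware post), one way a defender could flag the “Low and Slow” pattern named above from a snapshot of open connections taken where TLS is terminated, so that HTTPS and HTTP are both covered. The record format, the thresholds and the names `parse` and `slow_clients` are assumptions made for illustration, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample (not real traffic). One line per connection currently open:
# client_ip  seconds_open  bytes_received  request_complete(0/1)
SAMPLE = """\
198.51.100.7 95 212 0
198.51.100.7 102 198 0
198.51.100.7 88 240 0
198.51.100.7 110 175 0
203.0.113.20 2 640 1
203.0.113.20 1 512 1
203.0.113.45 140 5200000 0
192.0.2.9 70 90 0
"""

def parse(text):
    """Yield (ip, seconds_open, bytes_received, request_complete) per valid line."""
    for line in text.splitlines():
        try:
            ip, secs, nbytes, done = line.split()
            yield ip, float(secs), int(nbytes), done == "1"
        except ValueError:
            continue  # malformed line: skip it instead of stopping the monitor

def slow_clients(records, min_age=60.0, max_rate=50.0, min_conns=3):
    """Return {ip: count} of clients holding at least min_conns connections that
    are old (>= min_age s), still unfinished, and trickling (< max_rate bytes/s)."""
    suspects = defaultdict(int)
    for ip, secs, nbytes, done in records:
        # A slow header (Slowloris-style) or slow body (R.U.D.Y-style) sender keeps
        # the request incomplete for a long time while sending almost nothing.
        if secs > 0 and secs >= min_age and not done and nbytes / secs < max_rate:
            suspects[ip] += 1
    # One slow connection may be a client on a poor link; many from one source
    # is the resource-exhaustion pattern.
    return {ip: n for ip, n in suspects.items() if n >= min_conns}

if __name__ == "__main__":
    for ip, n in slow_clients(parse(SAMPLE)).items():
        print(f"{ip}: {n} long-lived, incomplete, low-rate connections")
```

The large upload from 203.0.113.45 is long-lived and unfinished but is not flagged because its byte rate is high; the single slow connection from 192.0.2.9 stays below the per-client count.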

We just have to wait for the storm to pass to analyze the offensive capability of Anonymous and the opposite response of the affected institutions ... of certain events such as these have a financial impact far from negligible regardless of the results of the attacks.

A Bank of America spokesperson said that the bank is "aware of the reports of possible cyber attacks and [is] monitoring [its] systems, which are fully operational."

The hackers said in a new warning note, "After stopping one month attack of Izz ad-Din al-Qassam Group to American banks, today, this group has announced a new cycle of attacks, via an Email which has been sent to us, and has acclaimed that its aim is to compensate guilty offends to holy Prophet of Islam, Mohammad(PBUH). Also, in internet conversations earlier, this group had been stated that these attacks won’t stopped and even in new announcements, it’s been marked that there will be so much stronger attacks in the days ahead."

This is phase two of the DDoS attack series named "Operation Ababil". The note states, "the second phase of the Ababil operation is in ahead and from this week according to the announced plan, will be performed. In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks."

"They didn't pay any attention to the extensive complaints made by Muslims against this offend and also did not take in to account their damaged feelings and behave with them so rudely. We know that they only marked the sensitivity and honor of the Muslims and examine it and now they really observe the consequences of this experiment so strongly."

While the perpetrators behind the al-Qassam attacks have yet to be identified, the name is a reference to the armed wing of Hamas, although the entire group employs militaristic means and terrorist attacks. U.S. officials have said they believe the attacks are state-sponsored by Iran, but the cyber attackers still insist they are not working for any government.

Capital One Financial Corp. said it’s the latest target in a new round of coordinated cyber attacks aimed at disrupting the websites of major U.S. banks, and SunTrust Banks Inc. and Regions Financial Corp. said they expect to be next.

The so-called “Izz ad-Din al-Qassam Cyber Fighters” posted a specific timetable for its attack program on PasteBin.com, a website commonly used by hackers to brag about exploits. Izz ad-Din al-Qassam also threatened to pursue more cyber attacks next week and has long said it will not stop until the video is removed from the Internet.

American banks will reportedly face a massive cyberattack in coming weeks. A Russian-speaking hacker is organizing a massive trojan attack based around fraudulent wire transfers--and American banks appear to be at the center of the raid.

In the past, such attacks have sometimes caused websites to slow to a crawl or become inaccessible for some users; however, the impact cannot be gauged in advance. The same group has taken credit for attacks on Bank of America, J.P. Morgan Chase and the NYSE Euronext in recent weeks.

Security professionals investigating the recent cyber attacks against the U.S. financial sector said last week that they discovered the tools at the heart of the attacks are more complex than previously thought and that a variant of the malware has been found in labs in Saudi Arabia. It’s not clear whether this means the malware used against U.S. banks came from Saudi Arabia or just ended up there coincidentally.

An obscure group identifying itself as the Izz ad-din al-Qassam Cyber Fighters claimed responsibility for the first wave of attacks as retaliation for the amateurish Innocence of Muslims film that mocked the Islamic prophet Mohammed and sparked protests throughout the Middle East.

Who’s really responsible for a recent series of cyberattacks on American banks? A few days back US Defense Secretary Leon Panetta said Iran is responsible for cyberattacks launched against Saudi Aramco and RasGas and US banks. While Panetta did not directly link Iran to the Persian Gulf attacks, he later noted that Iran has "undertaken a concerted effort to use cyberspace to its advantage."

Today, Iran’s defense minister said the United States is the source of cyber terrorism “and intends to pave the way for increasing its activities in relation to cyber terrorism through diverting attention and leveling accusation,” Defense Minister Ahmad Vahidi said.

The Iranian defense minister also said that the Zionist regime is another “blatant example of cyber terrorism.”

Addressing a ceremony in Tehran on Sunday, Jalali said his organization aims to harness and reduce threats against Iran, "so, threats determine the direction of our movement". Over the past few years Iran had been the target of numerous cyber attacks, which had been carried out to disrupt the country's industrial systems, but Iranian experts had been able to successfully monitor and counter the threats.

Bank of America's website experienced periodic outages Tuesday due to cyber attacks launched in retaliation for "Innocence of Muslims," the amateurish film whose mocking portrait of the Prophet Muhammad has incited deadly riots throughout the Middle East.

"Cyber fighters of Izz ad-din Al qassam" said it would attack the Bank of America and the New York Stock Exchange as a "first step" in a campaign against properties of "American-Zionist Capitalists."

"After Successful attack to YouTube Servers in recent days made by Muslims around the world, many groups announce that they are ready to do similar attacks.When supporter of that sacrilegious movie try to punish the cast and crew, the publisher included, this story will end until that time these kinds of Cyber Attacks will be continued and the Cyber world will be an unsafe place for all of Enemies of Islam." Hackers posted on their blog.

People around the country reported on social media that they had problems accessing the site around midday and continuing into the evening. Some reported not being able to log in to online banking for hours.

"We are working to ensure full availability," Mark Pipitone, a bank spokesman told. Asked whether the bank was the target of a cyberattack, Pipitone said, "I can assure you we continuously take proactive measures to secure our systems."

The U.S. government has denounced the film repeatedly since a riot in Libya last week killed the U.S. ambassador to the country and three other Americans.

As warned, the Izz ad-Din al-Qassam Cyber Fighters launched another distributed denial-of-service (DDoS) attack against the websites of Regions Financial Corp (regions.com) and SunTrust. The attacks burden the bank websites with heavy traffic volume that slows service for the sites or makes them completely unavailable.

In a Pastebin post dated Oct. 8, the hacktivist group announced the planned Oct. 9 attack against Capital One, the Oct. 10 attack against SunTrust and an Oct. 11 takedown date for Regions Financial Corp and THEY DID IT.

SunTrust (suntrust.com) spokesman Michael McCoy confirmed SunTrust's site had been hit by an uptick in traffic. "We have seen increased online traffic today and experienced intermittent service availability of some online functions," he said.

A couple of days ago, Regions representatives told Fox Business that the organization was aware of the threats. At the time, they claimed they were “taking every measure” to protect the company and customers.

All these attacks on US Banks are in response to a video uploaded to YouTube ridiculing the Prophet Muhammad and offending some Muslims.

That unknown motivation also makes fighting these DDoS attacks challenging, Pascual says, although banks are likely improving their defensive techniques.

The multinational bank HSBC has blamed a denial of service attack for the downtime of many of its websites worldwide on Thursday night and the Anonymous group has been quick to take credit.

"Banks are the sole cause of our current worldwide economic problems. They deserve to get hit. RBS, Lloyds TSB and Barclays are next," FawkesSecurity said.

"This denial-of-service attack did not affect any customer data, but did prevent customers using HSBC online services, including Internet banking. We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running. We are cooperating with the relevant authorities and will cooperate with other organizations that have been similarly affected by such criminal acts." HSBC said.

The timing of the group's Twitter postings lends credence to its claims, but Twitter users claiming to be Anonymous members have falsely claimed responsibility for attacks before. It is also possible that HSBC was targeted by the Izz ad-Din al-Qassam Cyber Fighters as part of a current campaign to get the controversial Innocence of Muslims video removed from YouTube.

Darren Anstee, EMEA solutions architect team lead at Arbor Networks, said: “Recent attacks have used what we call multi-vector attacks, attacks which utilise a combination of volumetric, and application layer attack vectors. What we are seeing here are TCP, UDP and ICMP packet floods combined with HTTP, HTTPS and DNS application layer attacks. Attackers are doing this because they know it makes the attacks more difficult to deal with, but not impossible if we have the right services and solutions in place.”